Ambient authority

From Erights

(Difference between revisions)
Jump to: navigation, search
(Examples of ambient authority)
Line 14: Line 14:
If we consider UNIX processes run by some user as [[subject]]s and files owned by that user as [[object]]s then all processes have ''ambient authority'' to manipulate all those files.
If we consider UNIX processes run by some user as [[subject]]s and files owned by that user as [[object]]s then all processes have ''ambient authority'' to manipulate all those files.
-
If we consider UNIX processes as [[subject]]s and TCP ports 1024--65535 as [[object]]s then all processes have ''ambient authority'' to listen to any ports.
+
If we consider UNIX processes as [[subject]]s and TCP ports 1024--65535 as [[object]]s then all processes have ''ambient authority'' to listen to any TCP ports.
 +
 
 +
If we consider UNIX processes as [[subject]]s and UDP ports 1024--65535 as [[object]]s then all processes have ''ambient authority'' to listen to any UDP ports.
If we consider UNIX processes run by some user as [[subject]]s and all executable programs owned by that user as [[object]]s then all these processes have ''ambient authority'' to run any of those programs.
If we consider UNIX processes run by some user as [[subject]]s and all executable programs owned by that user as [[object]]s then all these processes have ''ambient authority'' to run any of those programs.

Revision as of 12:28, 11 June 2009

Definition

If a subject can operate on all objects of a given type, we say that it has ambient authority.

Comment

Several access control models were invented and implemented to enable restriction of ambient authority of subjects. Many of them are:

Things become more "interesting" if we have to consider different security policies enforced via different alternative security mechanisms for the same type of objects and for different type of objects and the relevant transitivity relationship.

Examples of ambient authority

If we consider UNIX processes run by some user as subjects and files owned by that user as objects then all processes have ambient authority to manipulate all those files.

If we consider UNIX processes as subjects and TCP ports 1024--65535 as objects then all processes have ambient authority to listen to any TCP ports.

If we consider UNIX processes as subjects and UDP ports 1024--65535 as objects then all processes have ambient authority to listen to any UDP ports.

If we consider UNIX processes run by some user as subjects and all executable programs owned by that user as objects then all these processes have ambient authority to run any of those programs.

If we consider all functions defined in some C program as subjects and all functions in the same C program as objects then any function has ambient authority to call any other function (in C we can cast any integer to a function pointer and perform the call operation with this forged reference to a function).

If we consider all functions defined in some C program as subjects and all regions of the address space of the relevant process as objects then all these functions have ambient authority to read from or write to any such memory region.

If we consider all processes in UNIX as subjects and also as objects then all UNIX processes have ambient authority to send any signal to any other process.

Personal tools
more tools